Respond Quickly to Anomalies

If a bad actor is identified or a workload is possibly compromised, you need to act fast. ThreatStryker can automatically block attackers, both internal and external, and can isolate tainted workloads to prevent further exploits and lateral spread.

Cyber Kill Chain modeling

ThreatStryker uses the Cyber Kill Chain to model the progress of a potential attack, from Reconnaissance to Exfiltration, and assigns a risk measurement to attack events. ThreatStryker raises notifications and can also perform automated actions once a suspected attack reaches a threshold in the Kill Chain.

Firewall bad actors with network policies

The sources of identified bad network traffic can be automatically detected and firewalled, using the local networking tools (Kubernetes CNI, eBPF). ThreatStryker can block specific sources, external or internal, in order to neutralize an attack and prevent lateral spread.

Quarantine tainted workloads

ThreatStryker correlates network activity and on-host events (file and process integrity) to judge whether or not a host or container is tainted. ThreatStryker can then execute corresponding quarantine actions to isolate, terminate, or restart the workload.

Long-term analysis and forensics

Many attacks build up over a long period of time. An attacker may compromise one service or workload, and explore to find other targets. ThreatStryker archives suspicious behavior over long periods of time to build a picture of the increasing risk, and provide information for forensic investigation.

Did you know?

When protecting Kubernetes, ThreatStryker can automatically kill tainted pods. The Kubernetes deployment controller will then start fresh workloads from a known good state, meaning that any loss of capacity is minimized and services continue uninterrupted.
